package com.binc.testspring.common.config;

import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.stereotype.Component;

import javax.annotation.Resource;
import javax.sql.DataSource;

/**
 * FileName: AuthorityConfig   这是对接sercurity.oathu2的配置类   注意这里得继承一个东西
 * Autho: binC
 * Date:  2022/10/9 10:06
 */
@Component
@EnableAuthorizationServer  // 这个虽然过期了,但是还可以看看,新的方式参照 https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide
public class AuthorityConfig extends AuthorizationServerConfigurerAdapter {

    @Resource
    private PasswordEncoder passwordEncoder;

    @Resource
    private DataSource dataSource;

    /**
     * 允许表单模式的认证
     * @param security
     * @throws Exception
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.allowFormAuthenticationForClients()
                .checkTokenAccess("permitAll()");
    }

    /**
     * 配置所有客户端的信息（client_id、secret、授权模式、scope、资源id 以及重定向地址）
     * @param clients
     * @throws Exception
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        /**
         * 方法一：内存配置
         */
       clients.inMemory()
               .withClient("user-client")
               .secret(passwordEncoder.encode("123456"))
               .authorizedGrantTypes("authorization_code")
               .scopes("all")
               .resourceIds("wj_resource")
               .redirectUris("http://localhost:8082/user/hello");

        /**
         * 方法二：db配置
         * 先创建表 oauth_client_details ，包含字段 client_id、resource_ids、client_secret、scope、authorized_grant_types、web_server_redirect_uri 等关键字段。然后插入需要配置的所有客户端信息
         *
         * 建表语句：
         create table oauth_client_details (    client_id VARCHAR(256) PRIMARY KEY,    resource_ids VARCHAR(256),    client_secret VARCHAR(256),    scope VARCHAR(256),    authorized_grant_types VARCHAR(256),    web_server_redirect_uri VARCHAR(256),    authorities VARCHAR(256),    access_token_validity INTEGER,    refresh_token_validity INTEGER,    additional_information VARCHAR(4096),    autoapprove VARCHAR(256));
         INSERT INTO oauth_client_details    (client_id, client_secret, scope, authorized_grant_types,    web_server_redirect_uri, authorities, access_token_validity,    refresh_token_validity, additional_information, autoapprove)VALUES    ('user-client', '$2a$10$4zd/aj2BNJhuM5PIs5BupO8tiN2yikzP7JMzNaq1fXhcXUefWCOF2', 'all',    'authorization_code,refresh_token,password', null, null, 3600, 36000, null, true);
         INSERT INTO oauth_client_details    (client_id, client_secret, scope, authorized_grant_types,    web_server_redirect_uri, authorities, access_token_validity,    refresh_token_validity, additional_information, autoapprove)VALUES    ('order-client', '$2a$10$4zd/aj2BNJhuM5PIs5BupO8tiN2yikzP7JMzNaq1fXhcXUefWCOF2', 'all',    'authorization_code,refresh_token,password', null, null, 3600, 36000, null, true);
         */
        // JdbcClientDetailsServiceBuilder jcsb = clients.jdbc(dataSource);
        // jcsb.passwordEncoder(passwordEncoder);

    }
}
